The flaw centers on how the Symantec/Norton antivirus engine handles executable files packed by early versions of ASPack. In certain cases, parsing such a file can result in a buffer overflow. Ormandy explained, “On Linux, Mac and other UNIX platforms, this results in a remote heap overflow as root in the Symantec or Norton process. On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel (wtf!!!), making this a remote ring0 memory corruption vulnerability – this is about as bad as it can possibly get.”

Symantec has responded with confirmation and a patch. “We have confirmed your findings and have resolutions as well as doing additional reviews,” the company wrote on Ormandy’s forum post. “We can easily update a version of one of our products, Norton Security for example, with an updated engine by the end of the week and if you would like can provide you with a beta release of that for your review. Unfortunately, not all products will be updated the same which of course has impacts on final release of updates and an associated Security Advisory. Some are quick and fairly simple updates, live update of course, but others require a maintenance patch build, test, release which takes a bit longer.”